The Windows Incident Response Blog is dedicated to the myriad information surrounding and inherent to the topics of IR and digital analysis of Windows systems. This blog provides information in support of my books: "Windows Forensic Analysis" (1st thru 4th editions), "Windows Registry Forensics", as well as the book I co-authored with Cory Altheide, "Digital Forensics with Open Source Tools".

So it is a version per version of Windows or the latest will cover 7 and 8?

I know the cover says "for Windows 8", and I tried to incorporate as much info as I could about Windows 8 into the book by the time it went in for the final review before printing...which was back in February. This edition includes all the Windows 7 information from the third edition, plus some new information (and some corrections), as well as some information for Windows 8.

The thing about questions like this is that Twitter really isn't the medium for them. If you have a question or comment about the book contents, you can email me, or comment here. It's just that sometimes the answers to questions like that do not fit neatly into 140 characters or less.

Over the past couple of months, I've been asked to speak at a number of events, and when I ask what they'd like me to speak about, I generally get responses like, "...what's new in Windows 8?". The simple answer is...a lot. Also, most folks doing DFIR work may not be completely familiar with what information is available for Windows 7 systems, so what could I say about Windows 8 in an hour that would be useful to anyone? Some things (Jump Lists, the Registry, etc.) are very similar in Windows 8 to what they are in Windows 7, but other things...the Registry, in particular...are different enough to pose some challenges to a good number of analysts.

So, once again...I'll be posting the link to the materials that go along with the book very soon. I post them online because people kept leaving their DVDs somewhere (at home, at work, with a friend, in their car...) and needed a means for getting the download, so I moved it online. This also allows me to update the materials, as well.

13 comments:

ForensicDev said...

Harlan, congratulations on the official release of 4/e. Based on your recent post regarding publishing in general, I know that a lot of work went into this book. Thank you. Will be adding this book to my Kindle collection. =) Your contributions to the DFIR community are much appreciated.

It's another really informative book. I'm sure that I'm in the crowd of folks that read these types of books like a Tom Clancy novel...

But as Harlan has said over and over, information is good, but you have to actually put it to use to have any value. There is a lot of value to put to use from the book, especially on volume shadow copies.

Harlan, thank you for asking me to tech edit your book. It is always a pleasure to see you in action (so to speak...).

Thanks for picking up the mantle on that one! One of the things I will recommend at the author panel in June is that if you're going to write a book, do not make the tech editor a crap shoot...find someone you know and trust.

Thanks for your help in getting the book done. I hope the copy I sent you showed up okay.

Another related tip on finding someone to tech edit or co-author a book is to just ask the person you want. Don't ask your #10 choice. Ask your number one choice. Then ask #2 if #1 doesn't accept. Then go to #3, etc...

If you are lucky, your #1 will say yes. If your #1 says no, you have at least complimented that person with an offer.

And when rejected by your potential tech editor or co-author, don't take it personally. There are too many reasons to reject being a co-author or tech editor that are legitimate and not personal. Such as being way too busy, not wanting to be named or responsible for someone else's work, or not completely agreeing with the subject matter of your book. Another reason is restrictions by an employer, which is common among a few federal government agencies.

And if you receive a request but don't really want to do it, politely decline. Don't feel pressured to say yes. Everyone is busy. Everyone has reasons to do or not do something.

There are still many topics in DFIR that can be written about, so I suggest you jump in and write. It's well worth the time and learning experience. Not for the sake of being famous, but being part of creating something that will benefit many people. That is what makes it worthwhile; contributing to others.

Something else to consider...if you're going to ask someone to assist you, ask someone you can trust to give you honest feedback. If you're asked and you agree, give honest feedback, and keep it on topic.
